PatchSiren cyber security CVE debrief

CVE-2025-41452 Danfoss CVE debrief

CVE-2025-41452 is a medium-severity availability issue in Danfoss AK-SM 8xxA Series devices prior to version 4.3.1. According to the CISA CSAF advisory, a post-authenticated external control of a system web interface configuration setting can trigger denial of service when exceptional conditions are handled improperly. Danfoss identifies version 4.3.1 as the fixed release.

  • Vendor: Danfoss
  • Product: AK-SM 8xxA Series
  • CVSS: MEDIUM 5.4
  • CISA KEV: Not listed in stored evidence
  • Original CVE published: 2025-05-20
  • Original CVE updated: 2025-08-26
  • Advisory published: 2025-05-20
  • Advisory updated: 2025-08-26

Who should care

OT operators, building/industrial control teams, and system integrators running Danfoss AK-SM 8xxA Series devices below version 4.3.1 should care, especially if authenticated users can reach the web interface from a broad internal network.

Technical summary

The advisory describes a post-authenticated external control of a web-interface configuration setting in the Danfoss AK-SM 8xxA Series before 4.3.1. The result is denial of service caused by improper handling of exceptional conditions. CISA lists the issue with CVSS v3.1 5.4 (AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:N/A:H), which aligns with an availability-focused impact that still requires authenticated access and user interaction.

Defensive priority

Medium. This is not listed in the supplied corpus as a KEV item, but it can affect availability in OT environments. Prioritize remediation on exposed or operationally critical systems, then fold the fix into normal maintenance windows.

Recommended defensive actions

  • Upgrade affected Danfoss AK-SM 8xxA Series systems to version 4.3.1 or later using the AK-SM 800A Software Upgrade Process.
  • Verify which deployed assets are running versions below 4.3.1 and schedule upgrades with operational owners.
  • Limit access to the system web interface to only necessary authenticated administrators and trusted management networks.
  • Review Danfoss security advisories and CISA ICS recommended practices for additional defense-in-depth guidance.
  • Confirm recovery procedures and configuration backups are current before applying the update.

Evidence notes

This debrief is based on CISA's CSAF advisory ICSA-25-140-03 and its referenced remediation guidance. The advisory was published on 2025-05-20 and updated on 2025-08-26 to add CVE-2025-41452. The affected product is listed as Danfoss AK-SM 8xxA Series <4.3.1, and the remediation points to release 4.3.1 as the fix.

Official resources

Publicly disclosed by CISA on 2025-05-20 via ICSA-25-140-03; the advisory was updated on 2025-08-26 to add CVE-2025-41452. Timing in this debrief follows the supplied CVE publication date, not generation time.